Patch vCenter Server Appliance configured with High Availability (HA)

A reader recently asked me how to patch a vCenter Server Appliance configured with High Availability (HA). If you're still on a Windows-based vCenter, or on an older version of VMware vSphere (5.5 or 6.0), then you might want to listen up.

As you know, the latest VMware vCenter Server Appliance (VCSA), based on Photon OS, also introduced the ability to set up an HA environment for vCenter. The system creates a copy of the active node and puts in place a third node, the Witness node. We can consider vCenter HA a "3-node cluster".

All 3 nodes communicate through a separate network and are in sync. The passive node is continuously receiving data flowing from the active node.

From an architectural perspective, both vCenter Server with an embedded Platform Services Controller (PSC) and vCenter Server with separate PSCs are supported.

So here we come to the situation where VMware releases patches for our VCSA. Now what? What's the correct order of doing things? What's the correct sequence? Do I have to patch only the Active node, and the passive node will just copy the missing bits? Or do I have to patch both (active and passive)? Let's have a look.

VMware supports the following procedure. Here are the steps:

Step 1: Download the latest VCSA patch from the VMware Patch Download Center (https://my.vmware.com/group/vmware/patch). Select VC from the Search by Product drop-down, and then vSphere 6.5. The download should be an ISO file.

Step 2: Put vCenter HA into Maintenance Mode (replication still works, but there is no failover). You'll have to use the vSphere Web Client, because the HTML5 client for vSphere does not have this functionality implemented yet. Settings > Select vCenter HA > Edit > Maintenance Mode

Step 6: Same as step 4: Attach the ISO to the passive node > Patch the Passive Node via the same steps as above.

Step 7: Exit the maintenance mode of VCSA HA.

Done.

Optional Step: You can perform a failback if you want to get back to the initial configuration. From the vSphere Web Client, select vCenter > Configure > vCenter HA > Initiate Failover > Yes.

Wrap Up:

VCSA HA adds two more VMs to the environment, which consume storage, memory and CPU cycles. In fact, it more than doubles the RAM requirement for Active-Passive configurations. In the lab, one VCSA takes 16 GB of RAM, so all 3 appliances (with the Witness only taking about 1 GB of RAM) require more than 33 GB of RAM.

Depending on your requirements, it is up to you to decide whether you need such functionality. It is a new built-in feature of vSphere 6.5, and we have already done a write-up (including tests):

Note that you'll experience some downtime during failover. You won't be able to access the system via the vSphere Web Client. The sequence is: the latest deltas are copied over to the passive node > the passive node becomes active > the services start up > the web client services initialize.

During my initial tests of the failover, the Passive node became Active, and it took about 10 min for all the services and the web client to be fully initialized so I could log back in (you can check the third link).

During the failover, all you’ll see is this image… but then, you have a fully resilient system fully patched, up and running again.

Whether to protect vCenter via HA or just rely on backups or vSphere HA really depends on things like the size of your organization, how critical vCenter uptime is, etc. At the end of the day, many things, like day-to-day VM operations, can be done through the ESXi Host Client, which in its latest version also displays some VMware vSAN information, without being dependent on VMware vCenter Server.

It would certainly be very cool to push toward some kind of decentralized management of vSphere infrastructure, where you would be able to connect to any ESXi host within your cluster and manage cluster services such as HA, DRS, etc. for situations when vCenter Server is unavailable.

About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is an independent consultant, professional blogger, vExpert x11, Veeam Vanguard x5, VCAP-DCA/DCD, VCP. The ESX Virtualization site started as a simple bookmarking site, but quickly found a large following of readers and subscribers.